Continuous Authentication and Authorization for the Internet of Things

With the dawn of the Internet of Things, small but smart devices have become ubiquitous. Although these devices carry a lot of compute power and enable several interesting applications, they lack conventional interfaces such as keyboards, mice, and touchscreens. As a result, such devices can't authenticate and authorize users in familiar ways. Furthermore, unlike for conventional settings, a one-time authentication at the start of a session usually isn't appropriate for the IoT, because the application scenarios are dynamic and a user might not retain physical control or even awareness of IoT devices quite as readily as with traditional computers. Thus, users need to be continuously authenticated and authorized. Fortunately, the IoT offers interesting potential solutions for meeting these requirements. This article discusses some challenges and opportunities in developing continuous authentication and authorization approaches for the IoT while also presenting a case study of a Wi-Fi-based human authentication system called WiFiU.